DETAILED ACTION
Claims 1-10, 15-18, 21-23, 29 are pending. 
Claims 1-10, 15-18, 21-22 are amended. 
Claim 29 is new. 

Claims 11-14, 19-20, 24-28 are cancelled. 
Claims 6, 21, 22, 29 are independent.



Response to Arguments 

1. Applicant's arguments filed 12/18/2009 have been fully considered but they are
not persuasive. 

2. The applicant argues: That the network address translation method of Chang 
reference "does not involve the IP address of the sending device" and that the reference 
does not "associate a sending device and destination on the global network with a 
destination on the private network," "If a sending device and destination of the packet 
received at the WAN interface unit matches the sending device and destination on the 
global network of the address translation rule." 

3. In Response, the examiner respectfully submits: That Chang discloses the
well-known prior art method of network address translation (NAT) routing and Network
address and Port translation (NAPT) wherein address translation rules are recorded in a
table. Chang further discloses wherein "[w]hen receiving an IP address, the NAT router
[WAN interface unit] determines whether the source IP or destination IP address
[global network destination/address] in the header of the IP packet matches with the
address translation rules [global and private address associated with a sending device].
If they are matched, an address translation is performed based on the content of the 
NAT table" and NAPT which includes port addresses along with IP address in the 
translation rules (Chang [0007-0008]). 
4. 

Claim Rejections - 35 USC § 102 

5. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

6. Claims 6-7, 17-18, 21 and 29 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Chang et al. (US 2004/0100976) hereafter Chang. 

Regarding claim 6, Chang discloses an address translation apparatus for a 
terminal or a server on a private network that does not have an address on a global 
network to perform communication through the global network, comprising: 

a WAN interface unit which provides communication with the global network 
("public network 100" Chang: [0024] and fig. 1); 

a LAN interface unit which provides communication with the private network ("a 
private network 101" Chang: [0024] and fig. 1);

an address translation unit having (Chang: [0024]): 

means for translating an address in accordance with an address translation rule 
established on a per sending device basis ("FIG. 4 shows the format of the NAPT table
in accordance with the present invention" Chang: [0022]),
in order to transfer information from a terminal on the global network to a
terminal on the private network (Chang: [0026], [0022], [0031], [0007]); and

means for translating an address in accordance with an address translation rule 
established on a per sending device basis (Chang: [0026-0037], [0007]), in order to
transfer information from a terminal on the private network to a terminal on the
global network (Chang: [0026-0037], [0007]); and 

a database unit for recording the address translation rules (Chang: [0026-0037], 
[0007]), wherein

the address translation rule associates a sending device and destination on the 
global network with a destination on the private network (Chang: [0007-0009]), and

if sending device and destination of the packet received at the WAN interface unit 
matches the sending device and destination on the global network of the address 
translation rule (Chang: [0007-0009]), the address translation unit translates the
destination of the packet to the destination on the private network (Chang: [0007-0009]). 

Regarding claim 7, the address translation apparatus according to Claim 6, 
wherein 

the address translation unit further includes (Chang: [0026-0037], [0007-0009]),
means for adding an address translation rule which sets the terminal on the 
global network as the sending device to the database unit in response to a request for 
initiating communication sent from a terminal on the global network (Chang: [0026- 
0037], [0007-0009]),
means for deleting the added address translation rule from the database unit
when a predetermined criterion for ending communication is satisfied ("lifetime 302
represents the time that the connection-related NAPT data remains in the table" Chang:
[0026-0037], [0007-0009]), 

means for adding a rule established on a per sending device basis to the 
database unit in response to a request for initiating communication sent from a terminal
on the private network (Chang: [0007-0009], [0026-0037]), and

means for deleting the added rule from the database unit when a predetermined
criterion for ending communication is satisfied (Chang: [0007-0009]; "lifetime 302
represents the time that the connection-related NAPT data remains in the table" Chang: 
[0026-0037]), 
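
The per-sending-device rule matching and lifetime-based deletion discussed for claims 6 and 7 can be sketched as follows. This is an added example, not code from Chang, the application, or this Office action; the class and field names, the sample addresses, the 60-second lifetime, and dropping unmatched WAN packets are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint


@dataclass
class Rule:
    private: Endpoint   # destination on the private network
    expires_at: float   # rule is deleted once the clock reaches this value


class PerSenderNapt:
    """Hypothetical NAPT table keyed on (remote sender, public destination)."""

    def __init__(self, public_ip: str, lifetime: float = 60.0,
                 first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.lifetime = lifetime          # assumed idle lifetime in seconds
        self.next_port = first_port
        # (remote sender, public endpoint) -> rule
        self.rules: Dict[Tuple[Endpoint, Endpoint], Rule] = {}
        # (private endpoint, remote peer) -> public endpoint already allocated
        self.by_private: Dict[Tuple[Endpoint, Endpoint], Endpoint] = {}

    def expire(self, now: float) -> int:
        """Delete every rule whose lifetime has run out; return how many."""
        stale = [k for k, r in self.rules.items() if r.expires_at <= now]
        for remote, public in stale:
            rule = self.rules.pop((remote, public))
            self.by_private.pop((rule.private, remote), None)
        return len(stale)

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """LAN to WAN: find or add the rule for this flow, rewrite the source."""
        self.expire(now)
        public = self.by_private.get((pkt.src, pkt.dst))
        if public is None:
            public = (self.public_ip, self.next_port)
            self.next_port += 1
            self.by_private[(pkt.src, pkt.dst)] = public
        self.rules[(pkt.dst, public)] = Rule(pkt.src, now + self.lifetime)
        return Packet(src=public, dst=pkt.dst)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """WAN to LAN: translate only if sender AND destination match a rule."""
        self.expire(now)
        rule = self.rules.get((pkt.src, pkt.dst))
        if rule is None:
            return None                   # no matching rule: not forwarded
        rule.expires_at = now + self.lifetime
        return Packet(src=pkt.src, dst=rule.private)


def demo() -> dict:
    """Run one flow through the table using constructed sample addresses."""
    nat = PerSenderNapt("203.0.113.1")
    host = ("192.168.0.10", 5000)         # terminal on the private network
    peer = ("198.51.100.7", 443)          # terminal on the global network
    other = ("198.51.100.99", 443)        # a different global sender

    out = nat.outbound(Packet(host, peer), now=0.0)
    reply = nat.inbound(Packet(peer, out.src), now=1.0)
    stranger = nat.inbound(Packet(other, out.src), now=2.0)
    late = nat.inbound(Packet(peer, out.src), now=100.0)
    return {"out": out, "reply": reply, "stranger": stranger,
            "late": late, "rules_left": len(nat.rules)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the lookup key includes the remote sender, a packet from a different global host aimed at the same public address and port finds no rule, and a rule whose lifetime has passed is removed before the lookup.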

Regarding claim 17, Chang discloses the address translation apparatus 
according to Claim 6 as described above. Chang further discloses, comprising: the 
address translation rule has a condition with the IP address of the sending device or the 
IP address of the sending network (Chang: [0026-0037], [0007]). 

Regarding claim 18, Chang discloses the address translation apparatus 
according to Claim 17 as described above. Chang further discloses wherein the address
translation unit further includes, means for adding an address translation rule which sets
the terminal on the global network as the sending device to the database unit in
response to a request for initiating communication sent from a terminal on the global
network (Chang: [0026-0037], [0007]), means for deleting the added address
translation rule from the database unit when a predetermined criterion for ending 
communication is satisfied ("lifetime 302 represents the time that the connection-related 
NAPT data remains in the table" Chang: [0026-0037], [0007]), means for adding a rule 
established on a per sending device basis to the database unit in response to a request 
for initiating communication sent from a terminal on a private network (Chang: [0007-
0009]), and means for deleting the added rule from the database unit when a
predetermined criterion for ending communication is satisfied (Chang: [0007-0009]).

Regarding claim 21, Chang discloses an address translation method for a 
terminal on a private network that does not have an address on a global network to 
perform communication through the global network, comprising: 

recording an address translation rule associating a sending device and 
destination on the global network with a destination on the private network in a 
database unit beforehand (Chang: [0007-0009], [0022]); 

when a packet from the global network is received by a WAN interface unit 
([0007-0009], "public network 100" Chang: [0024] and fig. 1), 

translating, by an address translation unit (Chang: [0026-0037], [0007]), a 
destination of the packet to the destination on the private network, if the sending device 
and destination of the packet received at the WAN interface unit matches the sending 
device and destination on the global network of address translation rule (Chang: [0007- 
0009]), and

transferring, by a LAN interface unit, the packet having the translated address to
the private network (Chang: [0026-0037], [0007]); 

when a packet from the private network is received by a LAN interface unit ("a 
private network 101" Chang: [0024] and fig. 1), translating, by the address translation
unit, a source address in accordance with the rule established on a per sending device
basis (Chang: [0026-0037], [0007]), and

transferring, by the WAN interface unit, the packet having the translated address 
to the global network (Chang: [0026-0037], [0007]). 

Regarding claim 29, Chang discloses an address translation apparatus for a 
terminal or a server on a private network that does not have an address on a global 
network to perform communication through the global network, comprising: 

a WAN interface unit which provides communication with the global network 
("public network 100" Chang: [0024] and fig. 1); 

a LAN interface unit which provides communication with the private network ("a 
private network 101" Chang: [0024] and fig. 1);

an address translation unit (Chang: [0024]) which translates an address in 
accordance with an address translation rule, in order to transfer information from a 
terminal on the global network to a terminal on the private network ("FIG. 4 shows the 
format of the NAPT table in accordance with the present invention" Chang: [0022]), and 
which translates an address in accordance with a rule established on a per sending 
device basis (Chang: [0026-0037], [0007]), in order to transfer information from a
terminal on the private network to a terminal on the global network (Chang: [0026-
0037], [0007]), and 

a database unit which records the address translation rule and the rule (Chang: 
[0026-0037], [0007]), wherein 

the address translation rule associates a sending device and destination on the 
global network with a destination on the private network (Chang: [0007-0009]), and

if a sending device and destination of the packet received at the WAN interface 
unit matches the sending device and destination on the global network of the address 
translation rule (Chang: [0007-0009]), the address translation unit translates the
destination of the packet to the destination on the private network (Chang: [0007-0009]).

Claim Rejections - 35 USC § 103 

7. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

8. Claims 1-5, 8-10, 15-16, 22-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chang et al. (US 2004/0100976) hereafter Chang in view of 
Kokado et al. (US 2003/0115327) hereafter Kokado. 

Regarding claim 1, Chang discloses a relay apparatus for a terminal or a server
on a private network that does not have an address on a global network to perform
communication through the global network, comprising:

a WAN interface unit which provides communication with the global network
("public network 100" Chang: [0024] and fig. 1); 

a LAN interface unit which provides communication with the private network ("a 
private network 101" Chang: [0024] and fig. 1); 

an address translation unit having (Chang: [0024]) including:
means for translating an address in accordance with an address translation rule
established on a per sending device basis ("FIG. 4 shows the format of the NAPT table
in accordance with the present invention" Chang: [0022]), in order to transfer
information from a terminal on the global network to a terminal on the private network
(Chang: [0026], [0022], [0031], [0007]); and

means for translating an address in accordance with an address translation rule 
established on a per sending device basis (Chang: [0026-0037], [0007]), in order to
transfer information from a terminal on the private network to a terminal on the
global network (Chang: [0026-0037], [0007]); and 

a database unit which records the access control rule (Chang: [0026-0037], 
[0007]), wherein the address translation rule associates a sending device and 
destination on the global network with a destination on the private network (Chang:
[0007-0009]) and 

if a sending device and destination of the packet received at the WAN interface 
unit matches the sending device and destination on the global network of the address 
translation rule (Chang: [0007-0009]), the address translation unit translates the
destination of the packet to the destination on the private network (Chang [0007-0009]).

Chang does not explicitly disclose an access control unit having means for
controlling access from the global network to the private network in accordance with an 
access control rule which is established on a per sending device basis or on a per 
sending network basis. 

However Kokado discloses a method and firewall system to control access from 
an internal private network and an external public network based on a per sending 
device basis or on a per sending network basis (Kokado: [0188]; [0190-0191]; [0116])
and Figures 9-10 and 22) in order to provide security to the private network (Kokado: 
[0002-0010]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
method of Kokado in order to prevent unauthorized access to the private network 
(Kokado: [0002-0010]). 

Regarding claim 2, the modified Chang reference discloses the relay apparatus 
according to Claim 1 as described above. Chang does not explicitly disclose, an 
authentication unit which performs authentication in response to a request for access 
permission sent from a terminal on the global network, wherein: the database unit 
further records user information used by the authentication unit to perform 
authentication; wherein the access control unit further includes, means for adding an
access control rule established on a per sending device basis or a per sending network
basis to the database unit if the authentication succeeds, and means for deleting the
added access control rule from the database unit when a predetermined criterion for
ending communication is satisfied; and the address translation unit further includes,
means for adding an address translation rule which sets the terminal on the global
network as the sending device to the database unit if the authentication succeeds, and 
means for deleting the added address translation rule from the database unit when a 
predetermined criterion for ending communication is satisfied. 

However Kokado discloses a method and firewall system to control access from 
an internal private network and an external public network based on a per sending 
device basis or on a per sending network basis (Kokado: [0188]; [0190-0191]; [0116]) 
and Figures 9-10 and 22) in order to provide security to the private network (Kokado: 
[0002-0010]). Kokado further discloses the use authentication function and database 
for storing access control rules (Kokado: [0019-0021]). Kokado also discloses deleting 
the added address translation rule from the database unit when a predetermined 
criterion for ending communication is satisfied (Kokado: [0049]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
and authentication method of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]) 

Regarding claim 3, the modified Chang reference discloses the relay apparatus 
according to Claim 1 as described above. Chang does not explicitly disclose wherein: 
the access control unit further includes, means for adding an access control rule
established on a per sending device basis or on a per sending network basis to the
database unit in response to a request from an authentication server which performs
authentication of a terminal on the global network (Kokado: [0019-0021]), and means for
deleting the added access control rule from the database unit when a predetermined
criterion for ending communication is satisfied (Kokado: [0048-0049]; fig. 8), and the
address translation unit further includes, means for adding an address translation rule
which sets the terminal on the global network as the sending device to the database unit
in response to a request from the authentication server (Kokado: [0073]; [0032-0034]),
and means for deleting the added address translation rule from the database unit when
a predetermined criterion for ending communication is satisfied (Kokado: [0048-0049];
fig. 8).

Kokado further discloses, the access control unit further includes, means for
adding an access control rule established on a per sending device basis or on a per
sending network basis to the database unit in response to a request from an
authentication server which performs authentication of a terminal on the global network,
and means for deleting the added access control rule from the database unit when a
predetermined criterion for ending communication is satisfied; and the address
translation unit further includes, means for adding an address translation rule which
sets the terminal on the global network as the sending device to the database unit in
response to a request from the authentication server, and means for deleting the added
address translation rule from the database unit when a predetermined criterion for
ending communication is satisfied.

Kokado further discloses the use authentication function and database for storing
access control rules (Kokado: [0019-0021]). Kokado also discloses deleting the added 
address translation rule from the database unit when a predetermined criterion for 
ending communication is satisfied (Kokado: [0049]). 

It would have been obvious to one of ordinary skill in the art at the time of the
invention to create network address translation of Chang to include the access control 
and authentication methods of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]) 

Regarding claim 4, the modified Chang reference discloses an authentication 
server which permits access to the relay apparatus according to Claim 3 as described 
above. Chang does not explicitly disclose comprising: an interface unit which provides 
communication with a terminal on the global network and the relay apparatus; an 
authentication unit which performs authentication in response to a request for 
permission to access the relay apparatus from a terminal on the global network; a 
control unit including, means for requesting the relay apparatus to add an access 
control rule and an address translation rule which sets the terminal on the global 
network as the sending device for a packet from the terminal on the global network if
authentication at the authentication unit succeeds, and means for requesting the relay 
apparatus to delete the added access control rule and address translation rule when a 
predetermined criterion for ending communication is satisfied; and a database unit 
which records information associating user information used by the authentication unit
to perform authentication with an access control rule and address translation rule
requested to be added. However Kokado further discloses an interface unit which
provides communication with a terminal on the global network and the relay apparatus;
an authentication unit which performs authentication in response to a request for
permission to access the relay apparatus from a terminal on the global network (Kokado:
[0003]); a control unit including, means for requesting the relay apparatus to add an
access control rule and an address translation rule which sets the terminal on the global
network as the sending device for a packet from the terminal on the global network if
authentication at the authentication unit succeeds (Kokado: [0019-0021]), and means for
requesting the relay apparatus to delete the added access control rule and address
translation rule when a predetermined criterion for ending communication is
satisfied (Kokado: [0188]; [0190-0191]; [0116]) and Figures 9-10 and 22); and a
database unit which records information associating user information used by the 
authentication unit to perform authentication with an access control rule and address 
translation rule requested to be added (Kokado: [0188]; [0190-0191]; [0116]) and 
Figures 9-10 and 22). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
and authentication methods of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010])

Regarding claim 5, the modified Chang reference discloses the relay apparatus
according to 1 as described above, Chang does not explicitly disclose the access 
control unit further includes, means for adding an access control rule established on a 
per sending device basis to the database unit in response to a request for initiating 
communication from a terminal on a private network, and means for deleting the added
access control rule from the database unit when a predetermined criterion for ending 
communication is satisfied; and the address translation unit further includes, means for 
adding a rule established on a per sending device basis to the database unit in 
response to a request for initiating communication from a terminal on the private 
network, and means for deleting the added rule from the database unit when a 
predetermined criterion for ending communication is satisfied. However Kokado 
discloses wherein: an access control unit further has: means for adding an access control
rule established on a per sending device basis to the database unit in response to a 
request for initiating communication from a terminal on a private network (Kokado: 
[0188]; [0190-0191]; [0116]) and Figures 9-10 and 22); and means for deleting the 
added access control rule from the database unit when a predetermined criterion for 
ending communication is satisfied (Kokado: [0048-0049]; fig. 8); and the address 
translation unit further has: means for adding an address translation rule established on 
a per sending device basis to the database unit in response to a request for initiating 
communication from a terminal on the private network (Kokado: [0033]; [0117]); and 
means for deleting the added address translation rule from the database unit when a
predetermined criterion for ending communication is satisfied (Kokado: [0048-0049]; fig.
8). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
and authentication methods of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]) 

Regarding claim 8, Chang discloses the address translation apparatus
according to Claim 7 as described above. Chang does not explicitly disclose,
comprising: an authentication unit which performs authentication in response to a
request for initiating communication from a terminal on the global network, wherein: the
database unit further records user information used by the authentication unit to
perform authentication, and the address translation unit adds the address translation 
rule which sets the terminal on the global network as the sending device to the 
database unit in response to a request for initiating communication from a terminal on 
the global network only if the authentication succeeds. 

However Kokado discloses a method and firewall system to control access from 
a terminal on internal private network and a terminal on an external public network 
(global network) based on a per sending device basis or on a per sending network basis 
(Kokado: [0188]; [0190-0191]; [0116]) and Figures 9-10 and 22) in order to provide
security to the private network (Kokado: [0002-0010]). Kokado further discloses the use
authentication function and database for storing access control rules (Kokado: [0019-
0021]). Kokado also discloses the use of address translation rules from the database
unit (Kokado: [0049]; [0165-0167]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
and authentication method of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]) 

Regarding claim 9, Chang discloses the address translation apparatus
according to Claim 7 as described above. Chang does not explicitly disclose, wherein
the address translation unit adds the address translation rule which sets the terminal on
the global network as the sending device to the database unit in response to a request
for initiating communication from a terminal on the global network only if an 
authentication server which performs authentication requests the addition. 

However Kokado discloses a method and firewall system to control access from 
a terminal on internal private network and a terminal on an external public network 
(global network) based on a per sending device basis or on a per sending network basis 
(Kokado: [0188]; [0190-0191]; [0116]) and Figures 9-10 and 22) in order to provide 
security to the private network (Kokado: [0002-0010]). Kokado further discloses the use 
authentication function and database for storing access control rules (Kokado: [0019- 
0021]). Kokado also discloses the use of address translation rules from the database 
unit (Kokado: [0049]; [0165-0167]).

It would have been obvious to one of ordinary skill in the art at the time of the
invention to create network address translation of Chang to include the access control 
and authentication method of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]). 

Regarding claim 10, the modified Chang reference discloses the address
translation apparatus according to Claim 9 as described above. Chang does not
explicitly disclose an interface unit which provides communication with a terminal on the 
global network and the address translation apparatus; an authentication unit which 
performs authentication in response to a request for permission to access the address 
translation apparatus from a terminal on the global network; a control unit including, 

means for requesting the address translation apparatus to add an address 
translation rule which sets the terminal on the global network as the sending device if 
authentication at the authentication unit succeeds, and means for requesting the 
address translation apparatus to delete the added address translation rule when a 
predetermined criterion for ending communication is satisfied; and a database unit 
which records user information used by the authentication unit to perform 
authentication. 

However Kokado discloses a method and firewall system to control access from 
a terminal on internal private network and a terminal on an external public network 
(global network) based on a per sending device basis or on a per sending network basis 
(Kokado: [0188]; [0190-0191]; [0116]) and Figures 9-10 and 22) in order to provide
security to the private network (Kokado: [0002-0010]). Kokado further discloses the use
authentication function and database for storing access control rules (Kokado: [0019- 
0021]). Kokado also discloses the use of address translation rules from the database 
unit (Kokado: [0049]; [0165-0167]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
and authentication method of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]) 

Regarding claim 15, the modified Chang reference discloses relay apparatus 
according to Claim 1 as described above. Chang does not explicitly disclose, wherein 
the access control rule and the address translation rule have a condition with the IP 
address of the sending device or the IP address of the sending network. 

However Kokado discloses a method and firewall system to control access from 
an internal private network and an external public network based on a per sending 
device basis or on a per sending network basis (Kokado: [0188]; [0190-0191]; [0116])
and Figures 9-10 and 22) in order to provide security to the private network (Kokado: 
[0002-0010]). Kokado further discloses the use authentication function and database 
for storing access control rules (Kokado: [0019-0021]). Kokado also discloses the use 
of address translation rules from the database unit (Kokado: [0049]; [0165-0167]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control
and authentication method of Kokado in order to prevent unauthorized access to the
private network (Kokado: [0002-0010])

Regarding claim 16, the modified Chang reference discloses relay apparatus 
according to Claim 15 as described above. Chang does not explicitly disclose
comprising: an authentication unit which performs authentication in response to a 
request for access permission sent from a terminal on the global network, wherein: 
the database unit further records user information used by the authentication unit to 
perform authentication; the access control unit further^means for adding an access 
control rule established on a per sending device basis or a per sending network basis to 
the database unit if the authentication succeeds, and means for deleting the added 
access control rule from the database unit when a predetermined criterion for ending 
communication is satisfied; and the address translation unit further includes, means for 
adding an address translation rule which sets the terminal on the global network as the
sending device established on a per sending device basis to the database unit if the 
authentication succeeds, and means for deleting the added address translation rule 
from the database unit when a predetermined criterion for ending communication is 
satisfied. 

However Kokado discloses a method and firewall system to control access from 
an internal private network and an external public network based on a per sending 
device basis or on a per sending network basis (Kokado: [0188]; [0190-0191]; [0116])
and Figures 9-10 and 22) in order to provide security to the private network (Kokado:
[0002-0010]). Kokado further discloses the use authentication function and database
for storing access control rules (Kokado: [0019-0021]). Kokado also discloses the use 
of address translation rules from the database unit (Kokado: [0049]; [0165-0167]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
and authentication method of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]) 

Regarding claim 22, Chang discloses an address translation method for a 
terminal on a private network that does not have an address on a global network to 
perform communication through the global network, comprising: 

recording an address translation rule established on a per sending device basis 
associating a sending device and destination on the global network with a destination 
on the private network in a database unit beforehand (Chang: [0007-0009]; "FIG. 4 
shows the format of the NAPT table in accordance with the present invention" Chang: 
[0022]); 

when a packet from the global network is received by a WAN interface unit 
("public network 100" Chang: [0024] and fig. 1), 

if a matching address translation rule is not found in the database unit, adding 
an address translation rule to the database unit and translating the address of the 
packet in accordance with the added address translation rule (Chang: [0026-0037], 
[0007]); and 
transferring, by a LAN interface unit, the packet having the translated address to 
the private network ("a private network 101" Chang: [0024] and fig. 1; Chang: [0026], 
[0022], [0031], [0007]); 

when a packet from the private network is received by the LAN interface unit; 
checking, by the address translation unit, the database unit to see whether or not an 
address translation rule that matches source information and destination information of 
the packet is recorded in the database unit (Chang: [0026], [0022], [0031], [0007]), and 

if a matching address translation rule is found in the database unit, translating the 
address of the packet in accordance with the address translation rule (Chang: [0026- 
0037], [0007]); 

if a matching address translation rule is not found in the database unit, adding an 
address translation rule to the database unit and translating the address of the packet in 
accordance with the added address translation rule (Chang: [0026-0037], [0007]); and 

transferring by the WAN interface unit the packet having the translated address 
to the global network (Chang: [0026-0037], [0007]); and 

if there is an address translation rule added by the address translation unit, 
deleting the address translation rule from the database unit when a predetermined 
criterion for ending communication is satisfied ("lifetime 302 represents the time that the 
connection-related NAPT data remains in the table 106" Chang: [0031]). 

Chang does not explicitly disclose performing authentication in an authentication 
unit and if the authentication succeeds, checking, by the address translation unit, the 
database unit to see whether or not an address translation rule whose sending device 
and destination on the global network matches a sending device and destination of the 
packet is stored in the database unit, and if a matching address translation rule is found 
in the database unit, translating the address of the packet in accordance with the 
address translation rule; 

However Kokado discloses a method and firewall system to control access from 
an internal private network and an external public network based on a per sending 
device basis or on a per sending network basis (Kokado: [0188]; [0190-0191]; [0116]; 
and Figures 9-10 and 22) in order to provide security to the private network (Kokado: 
[0002-0010]). Kokado further discloses the use of an authentication function and database 
for storing access control rules (Kokado: [0019-0021]). Kokado also discloses the use 
of address translation rules from the database unit (Kokado: [0049]; [0165-0167]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
method of Kokado in order to prevent unauthorized access to the private network 
(Kokado: [0002-0010]). 

Regarding claim 23, the modified Chang reference discloses the address 
translation method according to Claim 22 as described above. Chang does not 
explicitly disclose, wherein, instead of performing authentication in the authentication 
unit, determination is made that authentication is successful when a request is received 
from an authentication server which performs authentication of a terminal on the global 
network. However Kokado discloses a method and firewall system to control access from an 
internal private network and an external public network based on a per sending device 
basis or on a per sending network basis (Kokado: [0188]; [0190-0191]; [0116]; and 
Figures 9-10 and 22) in order to provide security to the private network (Kokado: [0002- 
0010]). Kokado further discloses the use of an authentication function and database for 
storing access control rules (Kokado: [0019-0021]). Kokado also discloses deleting the 
added address translation rule from the database unit when a predetermined criterion 
for ending communication is satisfied (Kokado: [0049]). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to create network address translation of Chang to include the access control 
and authentication method of Kokado in order to prevent unauthorized access to the 
private network (Kokado: [0002-0010]). 

Conclusion 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DAVID AMPAGOOMIAN whose telephone number is 
(571)270-1896. The examiner can normally be reached on Monday through Friday 9:30 
AM to 7:00 PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/D. A./ 

Examiner, Art Unit 2446 
/Jeffrey Pwu/ 

Supervisory Patent Examiner, Art Unit 2446 